feat: Participant Audit Log Table (#1881)

* feat: Audit Source Enum

* feat: add queues package

* feat: docker

* feat: sln

* feat: audit writer function

* feat: migration

* feat: EF model

* feat: queue

* feat: ParticipantAuditMessage model

* feat: receive function queue implementation

* test: tests

* chore: removed unnecessary usings

* chore: docker sonarqube security fix

* Update application/CohortManager/src/Functions/Shared/Common/Extensions/AzureQueueExtension.cs

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* chore: PR comment reviews

* chore: removed PII

* chore: removed PII

* chore: PII removed

* feat: return changed to throw

* feat: lazy initiation

* test: updated tests

* test: test covering the audit failure path.

* feat: removed redundant Function suffix and changed raw_data_ref to be dd-mm-yyyy

* test: added using, date change

* feat: write to blob container, rename container, fallback

* test: test added

* chore: changed from CREATED_DATETIME to DATE_CREATED to match other schemas

* chore: removed source from blobPath,

* fix: sonarqube error handling

* fix: sonarqube - dockerfile change

* test: update test to new implementation

* refactor: changed from queue to service bus trigger

* feat: createdDatetime model changes

* feat: participantAuditLogs made public

* feat: index changes

* test: unit tests

* test: unit test

* chore: remove unnecessary using

* feat: replaced auditQueueSender for IQueueClient

* chore: queue renamed

* feat: removed lazy loading and added BlobStorageHelper Method

* chore: typo

* test: updated tests

* chore: whitespace and hardcoded value changed to enum

* chore: whitespace

* feat: add environment variables to dockerfile

* feat: Sequential audit sends in batches

* feat: Queues added to service-bus config, graceful fallback on durablefunction

* feat: revert null forgiving

* feat: added AuditLogClient, refactored logic, renamed Config file

* feat: removed queue from config, added sub to compose

* refactor: ServiceBusClient

* feat: Configuration injection

* test: unit tests

* feat: renamed participant-audit-queue to participant-audit-topic

* feat: return not throw

* feat: terraform

* test: updated tests

* feat: removed repeat call, moved logic to common, refactor AddBatchAsync

* test: unit test to new implementation

* test: removed unnecessary parameters

* fix: trailing comma

* test: removed old parameter from constructor

* chore: SonarQube removed redundant jump

* refactor: AddBatchAsync refactored with using to remove dispose and for clarity

* feat: removed unneeded registration

* feat: Ioptions for config

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: Warren-Pitterson

Directory.Packages.props

@@ -20,6 +20,7 @@
     <PackageVersion Include="Azure.Security.KeyVault.Secrets" Version="4.6.0" />
     <PackageVersion Include="Azure.Storage.Blobs" Version="12.20.0" />
     <PackageVersion Include="Azure.Storage.Queues" Version="12.20.1" />
+    <PackageVersion Include="Microsoft.Azure.Functions.Worker.Extensions.Storage.Queues" Version="5.5.0" />
     <PackageVersion Include="Azure.Messaging.EventGrid" Version="4.28.0" />
     <PackageVersion Include="Microsoft.ApplicationInsights.DependencyCollector" Version="2.23.0" />
     <PackageVersion Include="Microsoft.ApplicationInsights.WorkerService" Version="2.23.0" />

application/CohortManager/Set-up/service-bus/config.json

@@ -3,18 +3,41 @@
     "Namespaces": [
       {
         "Name": "sbemulatorns",
-          "Topics": [
-            {
-              "Name": "create-exception-topic",
-              "Properties": {
-                "DefaultMessageTimeToLive": "PT1H",
-                "DuplicateDetectionHistoryTimeWindow": "PT20S",
-                "RequiresDuplicateDetection": false
-              },
-              "Subscriptions": [
-                {
-                  "Name": "create-exception-sub",
-                  "Properties": {
+        "Queues": [],
+        "Topics": [
+          {
+            "Name": "participant-audit-topic",
+            "Properties": {
+              "DefaultMessageTimeToLive": "PT1H",
+              "DuplicateDetectionHistoryTimeWindow": "PT20S",
+              "RequiresDuplicateDetection": false
+            },
+            "Subscriptions": [
+              {
+                "Name": "audit-writer-sub",
+                "Properties": {
+                  "DeadLetteringOnMessageExpiration": false,
+                  "DefaultMessageTimeToLive": "PT1H",
+                  "LockDuration": "PT1M",
+                  "MaxDeliveryCount": 10,
+                  "ForwardDeadLetteredMessagesTo": "",
+                  "ForwardTo": "",
+                  "RequiresSession": false
+                }
+              }
+            ]
+          },
+          {
+            "Name": "create-exception-topic",
+            "Properties": {
+              "DefaultMessageTimeToLive": "PT1H",
+              "DuplicateDetectionHistoryTimeWindow": "PT20S",
+              "RequiresDuplicateDetection": false
+            },
+            "Subscriptions": [
+              {
+                "Name": "create-exception-sub",
+                "Properties": {
                   "DeadLetteringOnMessageExpiration": false,
                   "DefaultMessageTimeToLive": "PT1H",
                   "LockDuration": "PT1M",

application/CohortManager/compose.core.yaml

@@ -197,6 +197,23 @@ services:
       - ServiceBusConnectionString_client_internal=Endpoint=sb://service-bus;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=SAS_KEY_VALUE;UseDevelopmentEmulator=true;
       - ServiceNowParticipantManagementTopic=servicenow-participant-management-topic
       - RetrievePdsDemographicURL=http://retrieve-pds-demographic:8082/api/RetrievePDSDemographic
+  # Audit Services
+  audit-writer:
+    container_name: audit-writer
+    image: cohort-manager-audit-writer
+    networks: [cohman-network]
+    build:
+      context: ./src/Functions/
+      dockerfile: AuditServices/AuditWriter/Dockerfile
+      args:
+        BASE_IMAGE: ${FUNCTION_BASE_IMAGE}
+    environment:
+      - AzureWebJobsStorage=${AZURITE_CONNECTION_STRING}
+      - DtOsDatabaseConnectionString=Server=db,1433;Database=${DB_NAME};User Id=SA;Password=${PASSWORD};TrustServerCertificate=True
+      - ServiceBusConnectionString=Endpoint=sb://service-bus;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=SAS_KEY_VALUE;UseDevelopmentEmulator=true;
+      - AuditTopicName=participant-audit-topic
+      - AuditSubscription=audit-writer-sub
+
 
   # Screening Data Service
   create-exception:

application/CohortManager/src/Functions/AuditServices/AuditWriter/AuditConfig.cs

@@ -0,0 +1,13 @@
+namespace NHS.CohortManager.AuditServices;
+
+using System.ComponentModel.DataAnnotations;
+
+public class AuditConfig
+{
+    [Required]
+    public required string ServiceBusConnectionString { get; set; }
+    [Required]
+    public required string AzureWebJobsStorage { get; set; }
+    [Required]
+    public required string AuditTopicName { get; set; }
+}

application/CohortManager/src/Functions/AuditServices/AuditWriter/AuditWriter.cs

@@ -0,0 +1,83 @@
+namespace NHS.CohortManager.AuditServices;
+
+using System.Text.Json;
+using DataServices.Database;
+using Microsoft.Azure.Functions.Worker;
+using Microsoft.Extensions.Logging;
+using Model;
+
+public class AuditWriter
+{
+    private static readonly JsonSerializerOptions JsonOptions = new()
+    {
+        PropertyNameCaseInsensitive = true
+    };
+
+    private readonly DataServicesContext _dbContext;
+    private readonly ILogger<AuditWriter> _logger;
+
+    public AuditWriter(DataServicesContext dbContext, ILogger<AuditWriter> logger)
+    {
+        _dbContext = dbContext;
+        _logger = logger;
+    }
+
+    [Function(nameof(AuditWriter))]
+    public async Task Run(
+        [ServiceBusTrigger(topicName: "%AuditTopicName%", subscriptionName: "%AuditSubscription%", Connection = "ServiceBusConnectionString")] string messageText, FunctionContext context)
+    {
+        ParticipantAuditMessage? audit;
+        try
+        {
+            audit = JsonSerializer.Deserialize<ParticipantAuditMessage>(messageText, JsonOptions);
+        }
+        catch (JsonException ex)
+        {
+            _logger.LogError(ex, "Failed to deserialise audit message.");
+            return;
+        }
+
+        if (audit is null)
+        {
+            _logger.LogError("Audit message deserialised to null.");
+            return;
+        }
+
+        var auditLog = new ParticipantAuditLog
+        {
+            CorrelationId = audit.CorrelationId,
+            NhsNumber = audit.NhsNumber,
+            BatchId = audit.BatchId,
+            CreatedDatetime = audit.CreatedDatetime,
+            RecordSource = (int)audit.Source,
+            RecordSourceDesc = audit.RecordSourceDesc,
+            CreatedBy = audit.CreatedBy,
+            ScreeningId = audit.ScreeningId,
+            RawDataRef = audit.RawDataRef
+        };
+
+        try
+        {
+            _dbContext.participantAuditLogs.Add(auditLog);
+            var rowsAffected = await _dbContext.SaveChangesAsync();
+
+            if (rowsAffected <= 0)
+            {
+                _logger.LogError(
+                    "SaveChangesAsync reported 0 rows affected for CorrelationId {CorrelationId}.",
+                    audit.CorrelationId);
+                return;
+            }
+
+            _logger.LogInformation(
+                "Audit written | Source: {Source} | Correlation: {CorrelationId} | Rows: {Rows}",
+                audit.Source, audit.CorrelationId, rowsAffected);
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError(ex,
+                "Failed to persist audit log for CorrelationId {CorrelationId}.",
+                audit.CorrelationId);
+        }
+    }
+}

application/CohortManager/src/Functions/AuditServices/AuditWriter/AuditWriter.csproj

@@ -0,0 +1,36 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <ProjectGuid>{A1B2C3D4-E5F6-7890-ABCD-EF1234567890}</ProjectGuid>
+    <TargetFramework>net8.0</TargetFramework>
+    <AzureFunctionsVersion>v4</AzureFunctionsVersion>
+    <OutputType>Exe</OutputType>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+  <ItemGroup>
+    <PackageReference Include="Microsoft.Azure.Functions.Worker" />
+    <PackageReference Include="Microsoft.Azure.Functions.Worker.Extensions.ServiceBus" />
+    <PackageReference Include="Microsoft.Azure.Functions.Worker.Sdk" />
+    <PackageReference Include="Microsoft.Extensions.Diagnostics.HealthChecks" />
+    <PackageReference Include="Azure.Storage.Blobs" />
+    <PackageReference Include="Azure.Messaging.ServiceBus" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Update="host.json">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+    <None Update="local.settings.json">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+      <CopyToPublishDirectory>Never</CopyToPublishDirectory>
+    </None>
+  </ItemGroup>
+  <ItemGroup>
+    <Using Include="System.Threading.ExecutionContext" Alias="ExecutionContext" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\..\Shared\DataServices.Database\DataServices.Database.csproj" />
+    <ProjectReference Include="..\..\Shared\DataServices.Core\DataServices.Core.csproj" />
+    <ProjectReference Include="..\..\Shared\Common\Common.csproj" />
+    <ProjectReference Include="..\..\Shared\HealthChecks\HealthChecks.csproj" />
+  </ItemGroup>
+</Project>

application/CohortManager/src/Functions/AuditServices/AuditWriter/Dockerfile

@@ -0,0 +1,16 @@
+ARG BASE_IMAGE
+FROM $BASE_IMAGE AS function
+
+COPY ./AuditServices/AuditWriter /app/src/dotnet-function-app
+WORKDIR /app/src/dotnet-function-app
+
+RUN --mount=type=cache,target=/root/.nuget/packages \
+    dotnet publish ./*.csproj --output /home/site/wwwroot
+
+# To enable ssh & remote debugging on app service change the base image to the one below
+# FROM mcr.microsoft.com/azure-functions/dotnet-isolated:4-dotnet-isolated8.0-appservice
+FROM mcr.microsoft.com/azure-functions/dotnet-isolated:4-dotnet-isolated8.0
+ENV AzureWebJobsScriptRoot=/home/site/wwwroot \
+    AzureFunctionsJobHost__Logging__Console__IsEnabled=true
+
+COPY --from=function ["/home/site/wwwroot", "/home/site/wwwroot"]

application/CohortManager/src/Functions/AuditServices/AuditWriter/Program.cs

@@ -0,0 +1,21 @@
+using Microsoft.Extensions.Hosting;
+using Microsoft.Extensions.DependencyInjection;
+using DataServices.Core;
+using DataServices.Database;
+using HealthChecks.Extensions;
+using Common;
+using NHS.CohortManager.AuditServices;
+
+var host = new HostBuilder()
+    .ConfigureFunctionsWorkerDefaults()
+    .AddConfiguration<AuditConfig>(out AuditConfig auditConfig)
+    .AddDataServicesHandler<DataServicesContext>()
+    .AddServiceBusClient(auditConfig.ServiceBusConnectionString)
+    .ConfigureServices(services =>
+    {
+        services.AddDatabaseHealthCheck("AuditWriter");
+    })
+    .AddTelemetry()
+    .Build();
+
+await host.RunAsync();

application/CohortManager/src/Functions/CaasIntegration/receiveCaasFile/ProcessFileClasses/CallDurableDemographicFunc.cs

@@ -65,6 +65,7 @@ public async Task<bool> PostDemographicDataAsync(List<ParticipantDemographic> pa
             var response = await _httpClientFunction.SendPost(DemographicFunctionURI, content);
 
             responseContent = response.Headers.Location!.ToString();
+
             // This is not retrying the function if it fails but checking if it has done yet.
             var retryPolicy = Policy
                 .HandleResult<WorkFlowStatus>(status => status != WorkFlowStatus.Completed && status != WorkFlowStatus.Failed)

application/CohortManager/src/Functions/CaasIntegration/receiveCaasFile/Program.cs

@@ -1,4 +1,3 @@
-using Microsoft.Azure.Functions.Worker;
 using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.DependencyInjection;
 using Common;
@@ -9,7 +8,6 @@
 using Model;
 using DataServices.Client;
 using HealthChecks.Extensions;
-using Microsoft.Extensions.Options;
 
 
 var loggerFactory = LoggerFactory.Create(builder => builder.AddConsole());
@@ -19,6 +17,7 @@
 {
     var host = new HostBuilder()
         .AddConfiguration<ReceiveCaasFileConfig>(out ReceiveCaasFileConfig config)
+        .AddConfiguration<AuditClientConfig>()
         .AddDataServicesHandler()
         .AddDataService<ParticipantDemographic>(config.DemographicDataServiceURL)
         .AddCachedDataService<ScreeningLkp>(config.ScreeningLkpDataServiceURL)
@@ -38,6 +37,7 @@
         services.AddTransient<IBlobStorageHelper, BlobStorageHelper>();
         services.AddTransient<ICopyFailedBatchToBlob, CopyFailedBatchToBlob>();
         services.AddScoped<IValidateDates, ValidateDates>();
+        services.AddTransient<IAuditLogClient, AuditLogClient>();
         // Register health checks
         services.AddBlobStorageHealthCheck("receiveCaasFile");
     })